-
STATE OF MICHIGAN COURT OF APPEALS ANGELA RENEE WARE, UNPUBLISHED November 4, 2014 Plaintiff-Appellee, V No. 307886 Kalamazoo Circuit Court BRONSON METHODIST HOSPITAL, LC No. 2010-000635-NZ Defendant-Appellant, and PATRICIA MARIE WARK, Defendant. Before: RONAYNE KRAUSE, P.J., and HOEKSTRA and WHITBECK, JJ. RONAYNE KRAUSE, P.J. (dissenting). Defendant Patricia Wark, a nurse employed by defendant Bronson Methodist Hospital, repeatedly accessed the confidential medical record of plaintiff Angela Renee Kratzer (formerly Angela Renee Ware), a Bronson Hospital patient. The Hospital admits that Wark was not one of Kratzer’s healthcare providers and should not have viewed Kratzer’s records. The Hospital further concedes that when admitted to the Hospital, Kratzer feared Wark would attempt to read her medical record, warned the Hospital of this possibility, and specifically directed the Hospital not to “share” her health information with Wark. When Wark disclosed the illegally accessed confidential information in a child custody proceeding, Kratzer sued Wark and the Hospital. As to the Hospital, Kratzer’s complaint sets forth several liability theories. One theory focuses on the Hospital’s policies and procedures addressing the confidentiality of medical information. Kratzer’s complaint avers that the Hospital negligently failed to adopt “appropriate policies and procedures for safeguarding, protecting, and ensuring the confidentiality of a patient’s protected health information from unauthorized access,” and raised several other claims related to the Hospital’s medical record access policies. One issue presented is whether Kratzer’s policy and procedure claims sound in negligence or in medical malpractice. -1- The majority holds that “[t]o determine whether the Hospital’s policies and procedures were appropriate, the jury would necessarily have to balance what information doctors, nurses, and medical staff require to make medical decisions against the patients’ rights to confidentiality under various laws.” Ante at 10. According to the majority, “[a] jury cannot determine whether an employee will need health information to do his or her job without knowing and understanding what information several types of hospital employee – doctors, nurses, and other medical staff—reasonably require to make medical decision.” Id. Thus, the majority concludes, Kratzer’s claim concerning hospital policies sounds in medical malpractice rather than in negligence. I respectfully dissent. In my view, designing policies and procedures that adequately safeguard a patient’s right to confidentiality does not require an exercise of medical judgment. Contrary to the majority’s view, no standards of medical care dictate the privacy rights of hospital patients. Rather, the questions presented are legal, technological, and administrative. Clearly, expert testimony is necessary. However, the expert testimony critical to Kratzer’s case has nothing to do with the medical standards of care expected of health care professionals. Accordingly, I would hold that a jury should decide Kratzer’s policy and procedure claims. I would not have addressed the Hospital’s statute of frauds argument regarding plaintiff’s breach of implied contract claim for the first time on appeal, but the majority’s recitation of MCL 566.132 is accurate. I respectfully disagree with the majority’s conclusion that any of plaintiff’s claims sound in medical malpractice. In Bryant v Oakpointe Villa,
471 Mich 411, 422; 684 NW2d 864 (2004), our Supreme Court set forth the two “defining characteristics” of a medical malpractice clam: First, medical malpractice can occur only “‘within the course of a professional relationship.’” [Dorris v Detroit Osteopathic Hosp Corp,
460 Mich 26, 45; 594 NW2d 455 (1999) (internal quotation omitted)]. Second, claims of medical malpractice necessarily “raise questions involving medical judgment.”
Id. at 46. Claims of ordinary negligence, by contrast, “raise issues that are within the common knowledge and experience of the [fact-finder].”
Id.Therefore, a court must ask two fundamental questions in determining whether a claim sounds in ordinary negligence or medical malpractice: (1) whether the claim pertains to an action that occurred within the course of a professional relationship; and (2) whether the claim raises questions of medical judgment beyond the realm of common knowledge and experience. If both these questions are answered in the affirmative, the action is subject to the procedural and substantive requirements that govern medical malpractice actions. Clearly and undisputedly, the relationship here was professional. However, protecting private client information is inherent in almost any professional relationship and a great many ordinary business relationships as well. The fact that the information happened to be medical in nature has no bearing on the essentially administrative judgment necessary to protect it, either in the abstract or, as here, from an anticipated and specific known threat. Bryant’s second inquiry -2- directs us to examine “whether the claim raises questions of medical judgment requiring expert testimony or, on the other hand, whether it alleges facts within the realm of a jury’s common knowledge and experience.” Id. at 423. “If the reasonableness of the health care professionals’ action can be evaluated by lay jurors, on the basis of their common knowledge and experience, it is ordinary negligence. If, on the other hand, the reasonableness of the action can be evaluated by a jury only after having been presented the standards of care pertaining to the medical issue before the jury explained by experts, a medical malpractice claim is involved.” Id. Simply put, there is nothing medical about the protection of confidential client/patient information. The majority declares that “multiple medical standards of care” factor into the creation of confidentiality policies, ante at 10, emphasis in original, but supports this sweeping, conclusory statement with neither analysis nor examples. In my view, a single standard of care bears relevance to hospital confidentiality policies, and a lay jury can easily evaluate that standard without assistance from medical experts. In a nutshell, that standard provides that patients have a right to keep confidential the details of their medical care and treatment. Perhaps this right of confidentiality dates back to adoption of The Hippocratic Oath, a provision of which provides: “I will respect the privacy of my patients, for their problems are not disclosed to me that the world may know.” Stedman’s Medical Dictionary (28th ed), pp 890-891. The Michigan Supreme Court recognized this fundamental principle more than 130 years ago in DeMay v Roberts,
46 Mich 160;
9 NW 146(1881). In that case, Dr. DeMay brought “an unprofessional young unmarried man” with him to “the childbed” of Mrs. Roberts. Dr. DeMay’s companion “could hear at least, if not see all that was said and done” during the ensuing childbirth.
Id. at 165. The Supreme Court found that a violation of Mrs. Robert’s right to privacy permitting the recovery of “substantial damages,” declaring: It would be shocking to our sense of right, justice and propriety to doubt even but that for such an act the law would afford an ample remedy. To the plaintiff the occasion was a most sacred one and no one had a right to intrude unless invited or because of some real and pressing necessity which it is not pretended existed in this case. The plaintiff had a legal right to the privacy of her apartment at such a time, and the law secures to her this right by requiring others to observe it, and to abstain from its violation.
Id. at 165-166. The standard of care articulated in DeMay is easily understood by laypersons. It does not differ among obstetricians, anesthesiologists, or pediatricians. In fact, since this standard of care does not involve medical expertise but privacy concerns in general, it also applies to any other setting in which privacy rights are implicated, such as an attorney/client relationship. 1 For the present case it is important to note that just because the privacy issue arose in a medical setting over medical information does not mean medical experts are required. Private medical 1 The phrase ‘standard of care’ can apply to a variety of concepts. In this case, the majority refers to a medical standard of care. However, since this case involves not a medical issue but a privacy issue, the phrase ‘standard of care’ refers not to anything medical, but to the standard of care involving the duty to ensure the privacy of a patient’s confidential information. -3- information must be kept private. Numerous statutes incorporate this basic axiom. See MCL 333.26261 et seq (The Medical Records Act), MCL 330.1748 (mental health records), MCL 333.20170 (Public Health Code, medical records access and compliance), MCL 333.20201 (Public Health Code, patient rights), MCL 333.21515 (Mental Health Code, confidentiality of records), Michigan Administrative Code 324.1028 (minimum standards for hospitals). Legal necessities sometimes intrude on a patient’s right to privacy. For example, a patient’s receipt of insurance benefits may be conditioned on a waiver of some aspects of the physician-patient relationship. Similarly, a plaintiff in a personal injury case may be required to waive the patient/physician privilege to recover damages for injury. Such waivers are exceptions to the rule of confidentiality and must be taken into account in privacy policies. However, the relationships giving rise to waivers are of no moment here, because the standard of care owed to Kratzer does not implicate any waiver. That standard required the Hospital to maintain her records in a manner that prevented access to unprivileged parties, particularly Wark. How that standard should have been implemented implicates practical questions such as the design of a computer records system.2 However, it has nothing to do with a standard of care regarding anything other than privacy. Nor does an analysis of medical record policies and procedures call for the exercise of medical judgment. The duty to protect medical records from prying eyes may have originated with Hippocrates, but it is now clearly elucidated in HIPAA regulations compelling a hospital to: (1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits. (2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information . (3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part. (4) Ensure compliance with this subpart by its workforce.
45 CFR § 164.306. 2 This Court’s internal docketing and case management system locks certain users out of data available to other users. For example, judges cannot access portions of the system used by the clerk’s office. Research attorneys cannot access aspects of the system available to judges. How the system creates its pathways and blockades is beyond my understanding. However, it most certainly does not involve a legal standard of care. This Court’s programmers incorporated policy and decisions giving rise to the confidentiality rules with computer technology. Similarly, a hospital privacy policy should marry legal rules and regulations with technological know-how. Medical standards of care are not part of this mix. -4- Notably, the regulations contemplate that a hospital must protect against “reasonably anticipated threats” to the security of electronically stored health care information. HIPAA permits covered hospitals some leeway in designing their policies: (b) Flexibility of approach. (1) Covered entities and business associates may use any security measures that allow the covered entity or business associate to reasonably and appropriately implement the standards and implementation specifications as specified in this subpart. (2) In deciding which security measures to use, a covered entity or business associate must take into account the following factors: (i) The size, complexity, and capabilities of the covered entity or business associate. (ii) The covered entity's or the business associate's technical infrastructure, hardware, and software security capabilities. (iii) The costs of security measures. (iv) The probability and criticality of potential risks to electronic protected health information.
45 C.F.R. § 164.306. I find nothing in these criteria related to the intricacies of medical practice or the exercise of medical judgment. Indeed, Hospital patients are informed when they consent to treatment that the Hospital’s privacy policy attaches to their healthcare information, that “[a]ll Bronson affiliated providers . . . are required by law to maintain the privacy of [patients’] health information,” and that their information may only be provided to others to facilitate treatment or to pay insurance claims. Drawing on their common knowledge and experience, lay people readily understand these uncomplicated statements. Kratzer alleges that gaps in the Hospital’s privacy policies permitted an unprivileged interloper to easily access confidential information. Unlike the majority, I believe that the resolution of this claim likely requires input from computer experts, lawyers, and/or hospital administrators. However, jurors have no need of expert testimony concerning standards of medical care to determine whether the Hospital’s privacy policies adequately protected patients such as Kratzer. Indeed, the majority’s failure to identify what medical specialist must sign the relevant affidavit of merit under MCL 600.2169(1) reveals the inadequacies of the majority’s analysis. I would agree with the majority’s observation that determining who has a need to view any given patient’s medical information at any given time may entail some degree of medical judgment, if that necessity was assessed within the context of actual medical care or treatment. In context, however, that is a straw man argument. There is absolutely no dispute here that Wark had no need to view plaintiff’s information and was in no way involved in plaintiff’s care or treatment. The gravamen of plaintiff’s complaint is not an assertion that the Hospital should have selected a different constellation of individuals who should have been authorized to view her medical information, but rather that the Hospital failed to ensure that those who were -5- actually not authorized had no access. Indeed, five out of the seven duties plaintiff asserts were breached explicitly refer to access which was unauthorized, not merely inappropriate. The other two assert that the Hospital failed to limit disclosures to those who needed the information, which, again, Wark undisputedly did not. Had Wark actually been involved in any way in plaintiff’s care or treatment, and had plaintiff asserted that Wark was but should not have been authorized to view her records, the majority’s logic would be entirely appropriate. It is obviously a matter of medical judgment whether an actual provider of care or treatment needs to know any particular information about a patient. However, there is no medical judgment necessary to determine that medical records are private. Likewise, there is no medical judgment necessary to know that someone totally uninvolved with a given patient does not need to know anything about that patient, at least until such time as they become involved. By way of an analogy, a clerk hired by a lawyer has no need to pry into confidential client files being kept by another lawyer down the hall, and there is no particular legal training necessary to draw that conclusion. The concepts of privacy and the failure to maintain it are certainly “within the common knowledge and experience” of jurors. The determination of what a care or treatment provider needs to know about a patient may be medical, but the implementation of excluding all others from access is simply administrative. Expert testimony may be required, but in this day and age the expert is more likely to be a computer expert, records auditor, or even a lawyer. The majority concludes that whether the Hospital failed to follow its own procedures requires no medical testimony; I agree, however by the same logic, whether those procedures were effective at accomplishing their purported goals also requires no medical testimony. It likewise requires no medical judgment to act on an advance warning of a known threat or to implement a training program in either privacy concepts in general or whatever access control system the Hospital has in place—or, indeed, whether to have training or an access control system at all. The majority complains that it “cannot fathom how the Hospital – or any hospital—could formulate a privacy policy without substantial, direct input from doctors, nurses and medical staff.” Neither can I. But inviting “substantial, direct input” from medical professionals is a far cry from constructing a medical confidentiality policy predicated on medical standards of care. The medical record confidentiality standard of care is in the first instance dictated by the Health Insurance Portability and Accountability Act, and in the second instance by technological and practical considerations. Standards of care flowing from approaches to patient treatment simply have no bearing on the central principle animating confidentiality policies – a patient has a right to keep her private medical information private. Despite the majority’s insistence that “the standard of care pertaining to medical issues” must inform a confidentiality policy, the majority has not provided even a single example of why this must be so. Nor has the majority elucidated how the steps involved in developing a confidentiality policy meeting legal requirements would fall outside the common understanding of lay jurors. Perhaps most tellingly, the majority offers no explanation of how a plethora of medical standards of care, involving judgments from anesthesia choices to x-ray protocols, could, should, or ever actually have factored into a single hospital privacy policy. -6- I would hold that none of plaintiff’s claims, at least as they are presented in this matter, raise issues of medical judgment. To the extent the trial court denied summary disposition on the basis that the case does not sound in medical malpractice, I would affirm. /s/ Amy Ronayne Krause -7-
Document Info
Docket Number: 307886
Filed Date: 11/4/2014
Precedential Status: Non-Precedential
Modified Date: 4/17/2021